stumped..

  • Last Post 30 January 2017
kebabfest posted this 29 January 2017

Hi Guys,
I am having some serious issues with an ADFS 2.0 infrastructure. To cut a very long story short, I had to re-issue a new single-label certificate for the federated service and reset their whole certificate infrastructure, including decommissioning an old SBS 2011 server. The result: everything is working fine bar the Microsoft Online Relying Party claims for O365. Now I am quite happy rebuilding the ADFS 2.0 infrastructure, but is there any chance it could wipe out the links to the mailboxes which have been migrated across on their Exchange Hybrid? Monday morning is coming ever closer, and with no email solution before then I'm fried...
Any help, guys, would be great.
Eoin

bdesmond posted this 29 January 2017

The link is based on AD FS sending an Immutable ID claim to AAD. By default, that is the objectGUID of the AD account. As long as that hasn't been changed, the default configuration that the cmdlets set up in your new AD FS infrastructure will work just fine.

Thanks,

Brian Desmond

w – 312.625.1438 | c – 312.731.3132
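One way to confirm Brian's point before touching AD FS: compare the Base64-encoded objectGUID that AD FS will send as the Immutable ID with the ImmutableId Azure AD already holds for the user. This is an added example, not code from the thread; it assumes the ActiveDirectory and MSOnline modules are installed, that Connect-MsolService has already been run, and that `jdoe` / `contoso.com` are placeholders for a real user.

```powershell
# Added example (not from the thread): check that the on-premises objectGUID still
# matches the ImmutableId recorded in Azure AD before rebuilding AD FS.
# Assumptions: ActiveDirectory and MSOnline modules present; Connect-MsolService
# already run. 'jdoe' and 'contoso.com' are placeholder values.
param(
    [string]$SamAccountName    = 'jdoe',              # placeholder
    [string]$UserPrincipalName = 'jdoe@contoso.com'   # placeholder
)

Import-Module ActiveDirectory
Import-Module MSOnline

# On-premises side: the default AD FS issuance rule sends objectGUID as its
# Base64-encoded byte form, not as the dashed GUID string.
$adUser = Get-ADUser -Identity $SamAccountName -Properties objectGUID
$expectedImmutableId = [Convert]::ToBase64String($adUser.ObjectGUID.ToByteArray())

# Cloud side: what Azure AD actually has on record for the same user.
$msolUser = Get-MsolUser -UserPrincipalName $UserPrincipalName
$actualImmutableId = $msolUser.ImmutableId

if ($actualImmutableId -eq $expectedImmutableId) {
    Write-Host "OK: ImmutableId for $UserPrincipalName matches objectGUID; re-federating with the default rules keeps the mailbox link."
} else {
    Write-Warning ("MISMATCH for {0}: AD FS will send '{1}' but Azure AD holds '{2}'. Resolve the source anchor before re-federating." -f `
        $UserPrincipalName, $expectedImmutableId, $actualImmutableId)
}
```

A mismatch here, rather than the AD FS rebuild itself, is what would break the link, so it is worth running for a sample of migrated users first.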


kebabfest posted this 30 January 2017

Cheers, Brian. There was something going on with the authentication side of things. I converted the domain back to standalone, so at least users have email tomorrow, and I'll go through the logs to see if I can figure out what happened.

Bharathian posted this 30 January 2017

Hi,

Not sure it is relevant.

There is a new authentication method released in preview, Azure AD Pass-through Authentication and Single Sign-on with Password Hash Sync, which will eliminate the need for ADFS.

https://blogs.technet.microsoft.com/enterprisemobility/2016/12/07/introducing-azuread-pass-through-authentication-and-seamless-single-sign-on/

Regards

Bharathi.

kebabfest posted this 30 January 2017

Hi,


kebabfest posted this 30 January 2017

This looks pretty good. I think I'll give it a go..

Bharathian posted this 30 January 2017

It is a good feature. We have our passwords synced in Azure AD, and we have enabled the Single Sign-on feature along with this; now it gives a pure single sign-on (based on a Kerberos ticket). And this feature is opportunistic: when Kerberos doesn't work, as in a disaster scenario, it just prompts for a password...

Regards

Bharathi.

kebabfest posted this 30 January 2017

Nice... I take it it also provides a feature to restrict usage to onsite IP addresses?